In the past five months, fintech co-branded cards issued by SBM India, including forex cards, corporate cards and prepaid cards, have been blocked due to the bank’s KYC non-compliance
Having SBM India partnered with over 45 fintechs and issued corporate and business cards to a significant number of startups, it impacts millions, believe experts
Despite having completed the re-KYC norms back in April, SBM India has not activated their cards, complain users
More than eight Lakh corporate credit card users from startup and SME sectors have hit a wall since April this year and witnessed a downward spiral without any respite. Initially, their plight hit the headlines as their corporate credit cards were blocked from midnight of March 31 without prior notice, citing the need to update KYC (know your customer) details as mandated by the Reserve Bank of India.
But what has thrown them in a tizzy is that in spite of completing the re-KYC process in April, the issuer bank, SBM India, has not given any assurance on when these cards will be reactivated.
The following screengrab from a recent email message to a fintech partner of a co-branded credit card has captured the user sentiment.
Such unresponsiveness is unprecedented in the country’s banking history, especially when card users had little time to comply with the KYC mandate.
What would you do if your cards got blocked after a three-hour notice late in the evening? That was the query we faced from all and sundry impacted by the cardblocks.
It was 9 pm on March 31, 2023, when Dr Suraj Dhirwani, founder and CEO of the Mumbai-based healthcare IT and content creation company TechnoMedix received an email message from SBM India Bank. The notification said his corporate credit cards would be temporarily on hold with effect from midnight of March 31, 2023.
It was just a three-hour window. The very next day (April 1) – the first day of FY24 – he had more than 15 subscriptions (Google Workspace, Google Domains, HostGator, ResellerClub, Canva, Grammarly, GoDaddy, Microsoft, Envato and more) lined up for recurring payments.
The timeframe also surprised the serial entrepreneur. According to the RBI guidelines, re-KYC needs to be done periodically. “But our Razorpay corporate credit card issued by SBM India is just six months old. Technically, it does not require any re-KYC,” he said.
“There has been no prior intimidation for this. With less than 24 hours to comply, no link mentioned for re-KYC, no warning, what sort of banking behaviour is this?” Dr Dhirwani immediately replied to the SBM, seeking much-needed clarification.
Meanwhile, more than 50 freelancers working for Dhirwani alerted the founder on April 1 that their Google Workspace was no longer functioning. A host of other services paid through regular subscriptions started to falter due to non-payment.
Dhirwani was not the only one affected. All co-branded corporate and prepaid cards from various fintechs such as Karbon, Kodo, EnKash, Happay, Open, Velocity and Razorpay issued through SBM India were suspended after March 31, impacting millions across India.
“All payments failed, and services would have been disrupted because of non-payment, just because a bank failed to do its job. We were affected by this, and now I have to switch to my personal credit card because of this mess created by SBM Bank (India) and Razorpay,” Rohan Chaudhary, another serial entrepreneur and founder of the Delhi-based career transition startup Unlearn Product, vented his frustration on LinkedIn.
Ajay Patel, a Kodo corporate card user for two years and cofounder of Vadodara-based startup Atyantik Technologies, which provides mobile application solutions to overseas clients, did not receive any SBM notification, though.
“I received a bunch of messages alerting me to payment failures on multiple subscriptions. That’s when I checked social media and learnt what happened,” he said.
“Our CA advised us not to make company payments using personal cards. And the Kodo card seemed promising and effective as I could activate it within minutes,” recalled Patel.
He used the card to make recurring payments for AWS and other third-party services.
Clearly, these payment stoppages have thrown the startup and SME fraternity into a state of panic.
“It doesn’t matter whether you use Kodo, Karbon, Razorpay or other fintechs’ corporate credit cards as you end up using an SBM card,” said a serial entrepreneur currently developing a fintech in stealth mode.
From Alliance To Alleged Non-Compliance In Three Years
One should not frown upon the overdependence of fintechs on SBM India, as it has happened for a valid business reason: Both have benefited from the alliance.
As several media reports point out, partnering with a variety of fintechs has helped SBM India tap into a fast-growing market and drive its retail business without spending a fortune. According to Inc42 data, it has partnered with more than 45 fintechs, including segment leaders such as Razorpay.
Thanks to these partnerships, SBM India recorded unprecedented growth by acquiring over 1.5 Mn credit card users by October 2022 — within three years of its operation — while keeping the NPA ratio (net NPAs to net advances) at 0.27%, well within limits. (More on that later).
Then there is the other side of the coin. The bank has always been a startup-friendly entity with minimum eligibility criteria, just like the Silicon Valley Bank (SVB) in its previous avatar. SMEs and small startups in India always find it challenging to obtain corporate credit cards from legacy players like SBI, HDFC, and ICICI bank. Though things have changed a bit by now.
Here is a case in point.
“We are an Imperia user (which requires an average monthly balance of INR 10 Lakhs in one’s savings account), but HDFC Bank did not issue us a corporate credit card,” said Dhirwani. “So, we had to opt for a Razorpay corporate card. Incidentally, Razorpay has been also our payments partner for the last couple of years.”
However, too thick an alliance with a single entity may not always bode well for the startup community or small and medium businesses, say experts. The recent collapse of SVB brings too many painful associations and similarities to the fore. Timely diversifications and an effective Plan B should be at the core of young and agile businesses compelled to cope with a volatile macroeconomic environment and a long funding winter.
Although a freeze on recurring payments may not be as disastrous as losing one’s entire deposit (which, thankfully, did not happen at SVB), such incidents are bound to hurt the reputation and hinder business growth.
This brings us back to the key issue that has disrupted ‘business as usual’ – the KYC non-compliance by SBM India.
When & why re-KYC raises its head: Adopting a risk-based approach, the Indian central bank issued in 2021 a set of KYC guidelines for all regulated entities (REs) to ensure periodic updation of KYC data. This is often referred to as the re-KYC process.
For entities (customers other than individuals), the RBI’s re-KYC guideline has two monitoring mandates. These include:
- No change in KYC information: In case there is no change in KYC data, banks are required to obtain a self-declaration and a letter from an official authorised by the company.
- Change in KYC information: In case of any change, banks shall undertake the KYC process applicable for onboarding a new LE (legal entity) customer.
For individuals, too, a periodic updation will be carried out. This will be held at least once in every two years for high-risk customers, once in every eight years for medium-risk customers and once in every 10 years for low-risk customers from the date of account opening/last KYC updation.
Did SBM India slip up on these guidelines and fail to conduct customer due diligence?
It is worth noting that the RBI, on January 23, 2023, the RBI directed SBM India to stop all LRS transactions, citing material supervisory concerns. Nevertheless, the ban was partially lifted, allowing ATM/PoS activities.
“There had been complaints about SBM India not conducting customer due diligence. We have found a slew of loopholes and irregularities in its banking operations. If the same was continued, it would have resulted in cyberfrauds and other frauds. For instance, despite the RBI guidelines, the bank does not have updated KYC details of its customers,” an RBI official told Inc42 on the condition of anonymity.
In fact, there were several compliance factors that SBM failed to meet in a timely manner.
This irked the central bank which runs a tight ship with compliance at its core.
But before we figure out what has led the bank to a risky path, one must go back to the beginning to understand SBM India’s phenomenal growth.
How A Fintech Network Drove The Rapid Rise Of SBM India
The SBM Group, Mauritius, was the first foreign bank to acquire a banking licence in India on December 6, 2017, followed by DBS, Singapore, on October 4, 2018.
With just 12 branches in eight cities and three suburban areas, SBM India has successfully positioned itself as a fintech-first bank and currently serves 1 Mn customers from 500+ Indian cities via its digital channels. However, much of this expansion credit goes to its burgeoning fintech network and the customers acquired through these partners.
While legacy players like HDFC Bank, the State Bank of India and others still have reservations about collaborating with fintechs, SBM India has been at the forefront and open to partnering with every fintech company out there.
It has been a win-win for all stakeholders. The bank is now able to reach more customers and access relevant data for further growth without paying a fortune for customer acquisition. Fintechs, on the other hand, are piggybacking its services and digital framework to meet the banking requirements of businesses and individuals. Within three years of its operations, SBM has partnered with more than 45 fintechs.
The momentum continued for some time, and in October 2022, SBM India emerged as the third-largest credit card issuer, ahead of industry giants HDFC Bank and ICICI Bank.
Anubhav Jain, founder and CEO of the Bengaluru-based B2B payment solutions provider Rupifi, explained the thorough service integration as SBM Bank catered to fintechs’ needs. “If you buy a corporate credit card offered by Fintechs, nine out of 10 times, you will end up buying an SBM India card,” he said. Additionally, it has partnered with many fintechs to provide digital banking solutions.
The Turbulence: Will It Snowball Beyond Re-KYC?
Some experts blame the non-compliance allegation on the breakneck speed at which the bank has grown. With only around 350 employees in India, the bank might have found it difficult to meet KYC and other compliance norms on time. Moreover, credit card transactions at SBM India slumped by more than 76% after the bank deactivated all co-branded corporate credit cards.
If we compare the April data with that of November 2022, the transactions’ value has reduced by 81% and the number of cards too have reduced by 40%.
But there’s more. Take, for instance, the outcome of Q4 FY23 (January-March 2023), when the bank clocked a net loss of INR 6.3 Cr. Its profits remained stagnant over the past three years despite its fast-growing fintech network across the country and its accumulated advantages. From FY21 to FY23, SBM India registered net profits of INR 19 Cr, INR 16 Cr and INR 20 Cr, respectively.
Incidentally, the bank had struggled with compliance even before the RBI intervened in its forex and corporate card businesses in 2023. On October 15, 2019, the central bank imposed a penalty of INR 3 Cr on SBM Bank (India) for non-compliance with regulatory norms by SBM Bank (Mauritius). These included certain provisions issued by the RBI on ‘time-bound implementation and strengthening of SWIFT-related operational controls’ and ‘cybersecurity framework in the banks’.
As part of security and operational controls in SWIFT (Society for Worldwide Interbank Financial Telecommunication) environment, the RBI has issued instructions mandating banks to operate under a framework to red flag potential loan frauds, maintain a searchable database of potential frauds, re-verify certain title deeds and act in a time bound manner to stop these frauds.
In October 2018, SBM (Mauritius), India, was merged with SBM Bank (India) after the latter received a banking licence from the RBI. But this did little to get the SBM India house in order, as witnessed in 2023.
The situation worsened when the RBI, in one fell swoop, stopped the bank’s LRS transactions on January 23. Although its services have been partially restored, it is still unclear when the forex cards will be fully functional as before. Many of its fintech allies are said to have suspended their partnerships with SBM India after this unexpected roadblock, but there has been no official announcement yet.
Inc42 got in touch with the fintechs and SBM India. They have not responded to our queries at the time of publishing this article, but we will update the story as and when their comments come in.
If the forex card stoppage was a big blow, the midnight deactivation of corporate credit cards was worse. Jain of Rupifi, whose fintech tied up with Axis Bank for co-branded credit cards, narrowly escaped this mess. “Initially, we also contacted SBM India for the partnership but did not see a long term sustainability. Hence, we decided to go with Axis.”
He also had a fair idea of what was happening on the ground.
“Of late, SBM Bank has struggled with KYC issues and other regulatory hurdles. As most card fintechs use SBM Bank at the backend, this overnight card-blocking [due to KYC issues] has made things tough for startup founders who sought the services from their fintech peers,” said Jain.
According to several card users interviewed by Inc42, they trusted these credit cards from fintech companies because they already had a business relationship with them. The fintechs had marketed and introduced these cards to them, and they had no problem opting for those. But now that things have gone south, these fintechs are expressing their inability to address the issues.
It is not a breach of trust in any sense, but many think that fintech startups have gone overboard while piggybacking banks like SBM India.
According to the RBI guidelines, the co-branded credit/debit card shall explicitly indicate that the card has been issued under a co-branding arrangement. Also, the co-branding partner must not advertise/market the co-branded card as its ‘own’ product. Besides, in all marketing/advertising material, the name of the card issuer must be clearly shown.
In spite of these clear guidelines and the concerned bank’s name on the card, co-branded products are still promoted in a manner that suggests a meaningful affiliation with the fintech brand, which is not the case.
Who else stands to lose the most from this tricky situation? SBM India, of course.
The bank has reportedly been looking to raise growth capital to drive its localisation efforts. But now that it is under the RBI scanner and may see a reduction in its B2B client base and overall growth, funding against Tier I capital/equity may not be feasible soon.
As a result, it has raised back-to-back funding by issuing Tier II bonds, a debt financing instrument. SBM India raised INR 300 Cr, INR 125 Cr from NABARD under automatic refinance facility and by issuing Tier II bond in 2022 and INR 99 Cr from LIC in 2023.
According to experts, if the bank’s troubled run continues, SBM India, currently rated A+ (stable) by the rating agency ICRA, may face capital, credit and liquidity risks later.
Left In The Lurch, Aggrieved Card Users Approach The Banking Ombudsman
In the past five months, the RBI restrictions on a couple of SBM India products have created widespread panic among users. In January, the ban on its forex transactions sent shockwaves to thousands holding Niyo, Vested and INDmoney co-branded forex cards. More importantly, the bank failed to convey the same to users, although it knew the RBI drill ahead of such restrictions.
Now, corporate and prepaid card users are forced into a similar situation.
Here is a quick look at a few mail messages highlighting the re-KYC delays and the growing concern of card users.
Srinivas Gowda, a senior software engineer working for the Bengaluru-based investment tech firm Preqin, had a prepaid card worth INR 10K to transact on Swiggy, Zomato and other platforms. He informed Inc42 that the prepaid card with more than INR 8K balance had been blocked since that fateful day.
Worse still, the bank did not send any link for the re-KYC procedure while blocking their cards. It did so only a month later.
Further, users who finally completed the re-KYC procedure have yet to get their cards reactivated. According to their fintech partners, the KYC has been under verification for 40 days or so.
What’s more frustrating is that the bank has never responded to their complaints.
“Nothing moves beyond generating a ticket number. Even the tickets aren’t generated so many times,” rued Gowda.
Card users complain to the banking ombudsman for resolution: Left with no choice, many card users have filed complaints under the RBI’s Banking Ombudsman Scheme (BOS).
“A person can file a complaint on the grievance redressal portal of the RBI, if a bank fails to act within 30 days,” said Dr Dhirwani of TechnoMedix.
According to the scheme, if a complaint is not settled by an agreement within a month, the Banking Ombudsman proceeds further to pass an award. But before that, it will give the complainant and the bank a reasonable opportunity to present their case. It is up to the complainant to accept the award in full and final settlement or reject it.
Fintechs Losing Money, Jeopardising Reputation Amid Regulatory Concerns
“The concept of activity-based regulation with the basic theme of ‘same activity, same regulation’ has gained currency. The fundamental point is that any entity providing banking services needs to be subject to similar regulation as banks,” – T. Rabi Shankar, deputy governor, the Reserve Bank of India
Time and again, the central bank has raised concerns over how fintechs often skip essential compliances and financial integrity requirements like KYC, AML/CFT (Anti-Money Laundering / Countering the Financing of Terrorism).
During his speech on ‘Fintech and Regulations’ at a Summit in January this year, the RBI’s deputy governor T. Rabi Shankar expressed his concern about the new challenges fintechs have brought. He emphasised the need for regulators to ensure that non-bank entities operating outside the regulatory perimeter for banks do not undermine the banks’ role, which could lead to financial instability.
At the same time, there is a need for these efficiency-inducing new technologies to be incentivised. However, the entity-based regulation of banks, with its focus on financial health parameters such as capital adequacy, leverage, liquidity, or financial integrity factors like KYC, AML/CFT, requires to be adapted to the presence of fintech entities which are not subject to the same regulatory requirements, added Shankar.
Thus, sooner or later, fintechs are bound to have greater scrutiny by the RBI either directly or indirectly through its regulated entities like banks. And, this may impact the fintech boom adversely in the short-term, believe experts.
The fintech market in India is estimated to reach $1.3 Tn by 2025, growing at a CAGR of 31%. Riding the wave of new-age technology integration and backing from local and global investor ecosystems, India today boasts 21 fintech unicorns and more than 4.2K active fintech startups.
But in the past year, this sector has hit the headlines for all the wrong reasons. First, how the RBI’s regulatory slap in the form of notification in June, 2022 hit hard fintechs like Slice, Uni and Postpe, putting them into the existential crisis mode.
Although the current crisis does not match the SVB collapse in scale or impact, several Indian fintechs have been hit equally hard. Think of Kodo, a Mumbai-based corporate card startup launched in 2019. Its flagship is a co-branded corporate credit card, and its only banking partner is SBM India. A failed partnership at this point may not augur well for many early and growth-stage startups that bank on a star product, unlike Razorpay, a unicorn with a wide range of products/services and a diversified client base.
Meanwhile, Karbon card has already issued a new business card called Card++ to appease its irate customers.
For many fintechs, this will be challenging, though, as legacy players are still highly selective about fintech partners.
A fintech founder, whose startup is currently in talks with Axis Bank to launch a new corporate card, also thinks it will be a difficult journey, at least for some time. After all, partnering with other banks will never be as easy as SBM India, which has relentlessly built its image as a fintech-first go-to bank catering to local businesses.
The road ahead is definitely bumpy. “But at stake is the reputation,” the founder said without wanting to be named.
[Edited by Sanghamitra Mandal]